<?php

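// Provider login endpoint. Replies with one plain-text word and stops:
// 'OK', 'Bad password', 'timeout', 'XSRF' (or 'Please register you' when the
// query itself fails). The response strings are kept exactly as callers see them.
session_start();
include('db_connect.php');

// Only the login form served from this exact URL may post here.
// NOTE(review): Referer is client-supplied and is often stripped by browsers
// or proxies, so the session-bound token is the control that actually matters.
$referer = 'https://localhost/planmytrip/logon_provider.php';
// Lifetime of a login-form token, in seconds.
$time = 5 * 60;

// Request fields are accepted only as strings. PHP turns "field[]=x" into an
// array, and arrays must never reach the escaping, hashing or comparison code.
$post_token  = (isset($_POST['token'])  && is_string($_POST['token']))  ? $_POST['token']  : null;
$post_login  = (isset($_POST['login'])  && is_string($_POST['login']))  ? $_POST['login']  : null;
$post_passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : null;

// hash_equals() exists from PHP 5.6; older runtimes fall back to strict ===.
$constant_time = function_exists('hash_equals');

// --- CSRF token: must exist in the session and match the posted one exactly.
$token_ok = false;
if ($post_token !== null
    && isset($_SESSION['token'], $_SESSION['time'])
    && is_scalar($_SESSION['token'])
) {
    // Cast so a token stored as a number still matches its posted text form,
    // while avoiding the numeric-string juggling that loose == performs.
    $session_token = (string) $_SESSION['token'];
    $token_ok = $constant_time
        ? hash_equals($session_token, $post_token)
        : $session_token === $post_token;
}
if (!$token_ok) {
    die('XSRF');
}

// --- Token age.
if ($_SESSION['time'] < (time() - $time)) {
    die('timeout');
}

// --- Origin of the form. A missing header is treated like a mismatch.
if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] !== $referer) {
    die('XSRF');
}

// --- Credentials. Missing or non-string fields can never authenticate.
// NOTE(review): no attempt limiting is visible in this file, and the form
// token stays valid after a failed attempt until it expires.
if ($post_login === null || $post_passwd === null) {
    die('Bad password');
}

// NOTE(review): the legacy mysql_* API has no prepared statements. Escaping is
// only sound if db_connect.php sets the connection charset (not visible here);
// moving to mysqli/PDO with bound parameters removes that dependency.
$login = mysql_real_escape_string($post_login);
$request = 'SELECT id, name, passwd FROM providers WHERE login = "' . $login . '"';
$result = mysql_query($request) or die('Please register you');
// Read the row before closing the connection.
$record = mysql_fetch_assoc($result);
mysql_close();

// NOTE(review): a single unsalted SHA-512 is a fast hash. Stored values should
// be migrated to password_hash()/password_verify(); that needs a data
// migration outside this file, so the existing scheme is kept here.
$passwd = hash("sha512", $post_passwd);

// Fail closed: an unknown login yields no stored hash. With loose == an empty
// stored value and an empty computed value compared equal, so both sides are
// required to be real strings before they are compared.
$stored = (is_array($record) && isset($record['passwd']) && is_string($record['passwd']))
    ? $record['passwd']
    : null;
$password_ok = false;
if ($stored !== null && is_string($passwd)) {
    $password_ok = $constant_time ? hash_equals($stored, $passwd) : $stored === $passwd;
}
if (!$password_ok) {
    // Same answer for an unknown login and a wrong password.
    die('Bad password');
}

// --- Success. Issue a fresh session id so an id known before login cannot be
// reused for the authenticated session.
session_regenerate_id(true);
$_SESSION['connect'] = true;
$_SESSION['id'] = $record['id'];
$_SESSION['name'] = $record['name'];
// The form token is single-use once a login succeeds.
unset($_SESSION['token'], $_SESSION['time']);
die('OK');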
?>
